Novell ClientTM for Linux

Similar documents
Novell TM. Client. for Linux 1.2. Novell Client for Linux 1.2 Administration Guide. novdocx (ENU) 01 February

Novell Client for Windows Vista User Guide. novdocx (en) 6 April NovellTM Client. for Windows Vista * USER GUIDE.

Novell Identity Manager

NovellTM Client. for Linux README. October 12, 2005

Novell Access Manager

The Novell Client for SUSE Linux Enterprise 11 Service Pack1(SLE 11 SP1) requires workstations / servers running one of the following:

Novell Open Workgroup Suite Small Business Edition

Novell ZENworks Handheld Management

AUTHORIZED DOCUMENTATION. Using ZENworks with Novell Service Desk Novell Service Desk February 03,

Novell GroupWise Migration Utility for Microsoft * Exchange

Novell ZENworks Asset Management 7.5

AUTHORIZED DOCUMENTATION

Client TM 2.0 SP2 for Linux

Novell PlateSpin Forge

Novell Access Manager

Online documentation: Novell Documentation Web site. ( documentation/securelogin70/index.html)

Novell Identity Manager

for Linux This quick start explains how to install the Novell Client for Linux* software on a workstation.

Novell Access Manager

ZENworks Linux Management Migration Guide

Using ZENworks with Novell Service Desk

Update Management ZENworks Mobile Management 3.2.x September 2015

Novell Identity Manager

Asset Management Migration Guide

Novell Business Continuity Clustering

Novell ZENworks Application Virtualization

User Guide SecureLogin 7.0 SP3 April, 2012

Novell ZENworks Endpoint Security Management 4.1 Interim Release 1. 1 Issues Resolved in IR1. Novell. April 16, 2010

Novell Identity Manager

iprint Manager Health Monitor for Linux Administration Guide

Novell Kerberos KDC 1.5 Quickstart. novdocx (en) 11 December Novell Kerberos KDC QUICK START.

Endpoint Security Policies Reference

Novell Messenger. Installation Guide 2.0. novdocx (en) 17 September January 15, Messenger 2.0 Installation Guide

Novell ZENworks GETTING STARTED GUIDE. February 11, 2005

GroupWise Messenger 2 Support Pack 3

ZENworks Control Center Reference

Novell ZENworks Orchestrator

Novell Data Synchronizer 1.2

Novell VPN Client for Linux

3 Mobility Pack Installation Instructions

Novell Identity Manager

Personality Migration Reference

Best Practices Guide Simplifying Filr Deployments with File Reporter and Storage Manager October 5, 2015

Novell ZENworks Handheld Management

Novell NetWare. Novell QuickFinderTM 5.0 Server Administration Guide 6.5 SP8. novdocx (en) 17 September November 9,

Novell Identity Manager

GroupWise Connector for Outlook

Identity Manager 4 Package Manager Lab

Novell GroupWise. GROUPWISE CLIENT FREQUENTLY ASKED QUESTIONS (FAQ) August 15, 2005

ZENworks Reporting Migration Guide

Novell Operations Center

This Readme describes the NetIQ Access Manager 3.1 SP5 release.

Quick Start Access Manager 3.1 SP5 January 2013

Novell ZENworks Suite

Version is the follow-on release after version 8.1, featuring:

Novell Identity Manager

Novell ZENworks 10 Personality Migration

Novell Client Login Extension

NetIQ Aegis: Automated Workflow Magic Lab

Novell Data Synchronizer Mobility Pack Overview. Novell. Readme. January 28, 2013

Novell ZENworks Endpoint Security Management

Full Disk Encryption Pre-Boot Authentication Reference

Entitlements Guide Identity Manager Aprl 15, 2011

Interoperability Guide

Novell Open Workgroup Suite Small Business Edition

Novell Open Enterprise Server

Novell PlateSpin Protect

Multi-System Administration Guide

Novell Access Manager

Driver for edirectory Implementation Guide

Novell NetWare NETIDENTITY ADMINISTRATION GUIDE. December 19, 2003

Configuration Guide Data Synchronizer Mobility Pack Connector for Mobility January 28, 2013

ZENworks Adaptive Agent Reference

Novell Compliance Management Platform

Novell ZENworks 10 Configuration Management SP3

Server Installation ZENworks Mobile Management 2.6.x January 2013

3 NetWare/Windows: Software Installation

Pre-Installation ZENworks Mobile Management 2.7.x August 2013

Novell Access Manager

Novell. imanager ADMINISTRATION GUIDE

Novell ClientTM 2 SP1 for Windows

Making your Applications Portable with Novell ZAV 9 Lecture

Novell Teaming 1.0 Administration Guide. novdocx (en) 24 April Novell Teaming ADMINISTRATION GUIDE.

Installation Guide SecureLogin 7.0 SP3 April, 2012

Novell Open Workgroup Suite Small Business Edition

This product may require export authorization from the U.S. Department of Commerce prior to exporting from the U.S. or Canada.

Novell Server Consolidation and Migration Toolkit

Novell Nsure SecureLogin

SUSE Linux Enterprise 11 Fundamentals Workbook

Identity Tracking. 6.1r1 SENTINEL SOLUTION OVERVIEW. Aug 2008

Style Guide GroupWise Product Documentation August 2013

1 A product that should be in a device s inventory is not showing up in the inventory

Driver for SOAP Implementation Guide

Novell. NetWare 6. NETWARE WEBACCESS OVERVIEW AND INSTALLATION

Novell Open Enterprise Server

Configuration Guide Data Synchronizer Mobility Pack Connector for GroupWise January 28, 2013

Installation and Configuration Guide

Novell Access Manager

Overview GroupWise Software Developer Kit May 2013

Novell Identity Manager Driver for Linux* and UNIX* Settings

Transcription:

Novell Client 2.0 for Linux Administration Guide Novell ClientTM for Linux 2.0 September 18, 2007 ADMINISTRATION GUIDE www.novell.com

Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals. Copyright 2005-2007 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries. Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see www.novell.com/documentation.

Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/ trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.

Contents About This Guide 7 1 Understanding the Novell Client for Linux 9 1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/ XP....................................................................... 9 1.2 Understanding the Novell Client for Linux Virtual File System......................... 10 1.2.1 Understanding When the Virtual File System Kernel Module Needs to Be Compiled 10 2 Configuring the Novell Client for Linux 13 2.1 Using the Novell Client Configuration Wizard..................................... 13 2.1.1 Configuring Login Settings............................................ 14 2.1.2 Configuring Map Settings............................................. 15 2.1.3 Configuring Protocol Settings.......................................... 16 2.1.4 Configuring Tray Application Settings.................................... 17 2.1.5 Configuring File Browser Settings....................................... 18 2.1.6 Configuring OpenSLP Settings......................................... 19 2.2 Using Configuration Files to Preconfigure the Novell Client.......................... 20 3 Managing Login 23 3.1 Setting Up Integrated Login................................................... 23 3.1.1 Installing and Enabling CASA.......................................... 23 3.1.2 Configuring Integrated Login........................................... 24 3.1.3 Managing System Wide Integrated Login Settings.......................... 25 3.2 Setting Up Login Scripts..................................................... 25 3.3 Setting Up Login Restrictions................................................. 26 3.4 Using OpenSLP to Simplify Login.............................................. 27 3.4.1 Setting Up SLP..................................................... 28 3.4.2 Troubleshooting SLP Configuration..................................... 29 3.4.3 Configuring SLP and the SUSE Firewall to Work with the Novell Client for Linux.. 29 4 Managing File Security 33 4.1 Checking File or Folder Rights................................................ 33 4.2 Changing Trustee Rights..................................................... 35 4.3 Adding a Trustee........................................................... 35 4.4 Removing a Trustee........................................................ 36 4.5 Combining Multiple Trustees.................................................. 36 5 Security Considerations 39 5.1 Security Features........................................................... 39 5.2 Known Security Threats...................................................... 40 5.3 Security Characteristics...................................................... 40 5.3.1 Identification and Authentication........................................ 41 5.3.2 Authorization and Access Control....................................... 41 5.3.3 Roles............................................................. 41 5.3.4 Security Auditing.................................................... 41 Contents 5

5.4 New and Modified Files...................................................... 41 5.4.1 Configuration Files................................................... 42 5.4.2 PAM Login Files..................................................... 42 5.4.3 User Profile Startup Files.............................................. 43 5.4.4 KDE and GNOME Desktop Startup Files.................................. 43 5.4.5 Installation Files..................................................... 44 5.5 Other Security Considerations................................................. 44 A Compiling the Novell Client Virtual File System Kernel Module 45 A.1 Installing the Required Packages............................................... 45 A.2 Compiling the Novell Client Virtual File System Kernel Module........................ 46 A.2.1 Compiling the Novell Client Virtual File System Kernel Module After a Kernel Update. 46 A.2.2 Compiling the Novell Client Virtual File System Kernel Module on Workstations Running a Custom Kernel.................................................... 47 B The Novell Client for Linux Command Line Utilities 49 B.1 Shell Commands........................................................... 49 B.2 GUI Utilities................................................................ 50 B.3 Using the Novell Client for Linux Man Pages...................................... 50 C Novell Client for Linux Man Pages 53 6 Novell Client 2.0 for Linux Administration Guide

About This Guide This guide describes how to configure the Novell Client TM for Linux software. Chapter 1, Understanding the Novell Client for Linux, on page 9 Chapter 2, Configuring the Novell Client for Linux, on page 13 Chapter 3, Managing Login, on page 23 Chapter 4, Managing File Security, on page 33 Chapter 5, Security Considerations, on page 39 Appendix A, Compiling the Novell Client Virtual File System Kernel Module, on page 45 Appendix B, The Novell Client for Linux Command Line Utilities, on page 49 Appendix C, Novell Client for Linux Man Pages, on page 53 Audience This guide is intended for network administrators. Feedback We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there. Documentation Updates For the latest version of this documentation, see the Novell Client online documentation (http:// www.novell.com/documentation/linux_client/index.html) Web site. Additional Documentation For information on installing the Novell Client for Linux, see the Novell Client 2.0 for Linux Installation Quick Start. For information on the Novell Client tray application, see the Novell Client 2.0 for Linux User Guide. For information on login scripts, see the Novell Login Scripts Guide. Documentation Conventions In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path. A trademark symbol (, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. About This Guide 7

8 Novell Client 2.0 for Linux Administration Guide

1Understanding the Novell Client for Linux The Novell Client TM for Linux* software allows users of Linux workstations to access and use all of the services available on servers running Novell edirectory TM. The Novell Client brings the full power, ease of use, manageability, and security of edirectory to Linux workstations. The Novell Client for Linux fully supports NetWare, OES, and edirectory services and utilities on a Linux workstation, including security, file, and print services through Novell iprint. This section contains the following information: Section 1.1, Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP, on page 9 Section 1.2, Understanding the Novell Client for Linux Virtual File System, on page 10 1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP Using the Novell Client for Linux differs in a few ways from using the Novell Client for Windows*. For users and network administrators who are familiar with the Novell Client for Windows, knowing these differences can help the transition to Linux run more smoothly. 1 Installation and Upgrades The Novell Client for Linux can be installed and upgraded using either YaST or an installation script. For more information, see the Novell Client 2.0 for Linux Installation Quick Start. There is no Automatic Client Upgrade available on Linux. The Client Configuration Wizard lets you set up a configuration file that can be used to preconfigure workstations during installation. For more information, see Section 2.2, Using Configuration Files to Preconfigure the Novell Client, on page 20. Logging In When a user logs in to a local workstation and then opens a remote SSH session and logs in as the same user, the network resources that user has rights to are available to the user. The Novell Client for Linux can use the NMAS TM login method to authenticate. However, the NMAS login is not integrated in to the Novell Client for Linux login screen, so the default login sequence cannot be set in the Novell Client Login screen. The Novell Client for Linux uses OpenSLP, whereas the Novell Client for Windows uses Novell s implementation of SLP. The network administrator must set up OpenSLP before users can look up trees, contexts, and servers using the Browse buttons in the Novell Client Login window. If OpenSLP is not set up, the user must enter a username, tree, and context to connect to the network. See Chapter 3, Managing Login, on page 23 for more information. Understanding the Novell Client for Linux 9

Because Linux uses OpenSLP, the implementation is different and the user s experience is different. For more information, see Section 3.4, Using OpenSLP to Simplify Login, on page 27. The Novell Client for Linux does not use the Dynamic Local User or Location Profiles that are available in Windows. User Interface Both a graphical user interface and command line utilities are available to complete client actions such as mapping drives, setting trustee rights, and copying files. Login Scripts Novell has ported the vast majority of login script functionality to the Linux platform. This means that the login scripts you create in your network can be used for both Windows users and Linux users with very little difference in functionality. Some differences do exist, however. For example, mapped drives are implemented by creating symbolic links and search drives are not available on Linux. Other small differences are created by the inherent difference between Windows and Linux. All the differences and issues are listed in the Novell Login Scripts Guide. 1.2 Understanding the Novell Client for Linux Virtual File System The Novell Client for Linux differs from previous Novell Clients to enable it to work on the Linux platform. In Windows, the Novell Client loads a single binary that works on multiple operating system platforms without modifications. The Novell Client for Linux has a Virtual File System that consists of a kernel module (novfs.ko) that runs as part of the Linux kernel and a daemon (novfsd) that runs in the user space. Both components must be running on the workstation for the client to connect to the network. The daemon can run on any of the supported Linux platforms without modification. The kernel module, however, is dependent on the kernel version and must be compiled to match the kernel on the workstation. When the Novell Client is installed, it compiles the kernel module during the installation process. If this process fails, the kernel module cannot load. It attempts to recompile when the workstation is restarted. 1.2.1 Understanding When the Virtual File System Kernel Module Needs to Be Compiled The following is a list of the instances when you must compile the Novell Client Virtual File System Kernel Module (novfs.ko): You installed the Novell Client and received an error message. This generally occurs because all the required packages are not installed on a workstation. You must install these packages, compile the Novell Client Virtual File System Kernel Module (novfs.ko), and restart the workstation. See System Requirements in the Novell Client for Linux Installation Quick Start for more information. You have previously compiled the Novell Client Virtual File System Kernel Module (novfs.ko) and then made changes to the kernel. 10 Novell Client 2.0 for Linux Administration Guide

You have a custom kernel of any of the supported versions. Kernel updates are automatically pushed to the workstation via Red Carpet. In all of these instances, you must recompile the Novell Client Virtual File System Kernel Module (novfs.ko) to ensure that it is compatible with the Linux kernel version on your workstation. However, when later shipping versions of SLED are provided by Novell, the Novell Client Virtual File System Kernel Module (novfs.ko) is installed and you do not need to recompile it because the module is included in the kernel. For more information, see Appendix A, Compiling the Novell Client Virtual File System Kernel Module, on page 45. NOTE: If you patch the kernel for any reason, you must make sure that you have the required packages that correspond to the kernel patch. For a list of the required packages, see System Requirements in the Novell Client for Linux Installation Quick Start. The Novell Client for Linux then recompiles when the workstation is restarted. Without the corresponding packages, the recompile fails. Under certain conditions, your version of novfs.ko could be rolled back when you install a new kernel module. For example, if you download and install a patched version of novfs.ko, and then later install an SLED 10 update to your kernel, the Novell Client Virtual File System Kernel Module patch might be overwritten. You should then reinstall the novfs.ko patch and recompile the kernel in order to ensure that the kernel module and the kernel are compiled. Understanding the Novell Client for Linux 11

12 Novell Client 2.0 for Linux Administration Guide

2Configuring the Novell Client for Linux This section explains two ways that you can configure the Novell Client TM for Linux settings on a workstation. Both methods let you configure the file browser, protocol, login, tray application, and SLP configuration settings available to Novell Client users. Using the Novell Client Configuration Wizard (page 13) Using Configuration Files to Preconfigure the Novell Client (page 20) 2.1 Using the Novell Client Configuration Wizard The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process of configuring your Novell Client. 1 Launch the Novell Client Configuration Wizard using either of the following methods: Click > System Settings. In YaST, click Network Services > Novell Client. 2 If you are not logged in as root, type the root password, then click OK. 3 Select the Client Configuration Wizard pages that contain the settings you want to configure. 2 You can configure the following settings: Login Map Configuring the Novell Client for Linux 13

Protocol Tray Application File Browser Service Location Protocol (OpenSLP) 4 Click Start Wizard. 5 Follow the instructions in the left panel to configure Novell Client settings. 6 Click Finish. 7 Restart the workstation to ensure that the settings take effect. If you made changes to the Protocol Settings page or the Service Location Protocol (OpenSLP) Settings page, you must reboot the machine for those changes to take effect. Any changes you make to the Novell Client settings are written to a set of configuration (.conf) files in the /etc/opt/novell/ncl directory. IMPORTANT: When the Novell Client software is uninstalled, these settings are not saved. 2.1.1 Configuring Login Settings Use the Login Settings page in the Novell Client Configuration Wizard to configure the settings available to users in the Novell Login dialog box. Figure 2-1 Login Settings Page This page contains the following options: NMAS Authentication: Enables or disables Novell Modular Authentication Services (NMAS TM ) during login. NMAS authentication can add additional security to the network, but 14 Novell Client 2.0 for Linux Administration Guide

if the network does not use NMAS, login might take additional time, so you can disable NMAS authentication by disabling this setting. This option is selected by default. Clear Previous User Name: Clears the previous username from the User Name field on the Novell Login dialog box every time you open the dialog box. Advanced Button: Enables or disables the Advanced button in the Login dialog box. This option is selected by default. Integrated Login: Enables the integrated login feature for the entire system. This is set by the administrator and cannot be overridden by the user. Display Integrated Login Results: When this option is disabled, all login scripts are run silently and the script results window is not displayed, but login scripts are still processed. Delete Integrated Login Profiles: Removes the existing login profiles for all users on this workstation. Default Tree: Specify the default tree that Login attempts to log in to. This setting is overridden by the Login Dialog Tree history. Default Context: Specify the default context that Login attempts to log in to. This setting is overridden by the Login Dialog Context history. For more information on using the Novell Login dialog box, see Logging In to the Network in the Novell Client for Linux User Guide. 2.1.2 Configuring Map Settings Use the Map Settings page in the Novell Client Configuration Wizard to specify the directory on the local workstation where symbolic links to network resources are created and to select the first letter to use when creating these links. Figure 2-2 Map Settings Page Configuring the Novell Client for Linux 15

This page contains the following options: Map Link Default Location: Specify the path to the directory where Map creates symbolic links to network resources. A value of %HOME (the default) causes Map to create symbolic links in the user s home directory. First Network Drive: Select the first letter for Map to use when creating symbolic links to network resources. This setting is used in commands such a Map *1 or Map next. 2.1.3 Configuring Protocol Settings Use the Protocol Settings page in the Novell Client Configuration Wizard to determine the level of enhanced security support, select the providers to perform name resolution, and enable the Client to obtain configuration information from your DHCP server. Figure 2-3 Protocol Settings Page This page contains the following options: Name Resolution Providers: Select the providers to perform name resolution. Domain Name System also uses the /etc/hosts file. NetWare Core Protocol TM uses information contained in the active NCP TM connections. Service Location Protocol queries SLP for edirectory TM and Bindery names. NCP Signature Level: Specify the level of enhanced security support. Enhanced security includes the use of a message digest algorithm and a per connection/per request session state. The values are as follows: 0=Disabled 1=Enabled but not preferred 2=Preferred 3=Required 16 Novell Client 2.0 for Linux Administration Guide

Changing the value of this setting to 2 or 3 increases security but decreases performance. Dynamic Host Configuration Protocol (DHCP): If a DHCP server is set up on your network, the DHCP server can inform the Novell Client of network-specific configuration information. This information is made available when a user click the Tree, Context, or Server buttons on the edirectory tab of the Novell Login dialog box. If you make changes to the Protocol Settings page, you must reboot the workstation for those changes to take effect. 2.1.4 Configuring Tray Application Settings Use the Tray Application Settings page in the Novell Client Configuration Wizard to automatically launch the Novell Client Tray Application when the desktop starts and to determine which options are available to users on the Tray Application menu. Figure 2-4 Tray Application Settings Page This page contains the following options: Launch Tray Application: Select this option to automatically launch the Novell Client Tray Application. Tray Application Menu Options: Enables or disables the options available to users on the Tray Application menu. For more information, see Using the Novell Client Tray Application in the Novell Client.for Linux User Guide. Configuring the Novell Client for Linux 17

2.1.5 Configuring File Browser Settings Use the File Browser Settings page in the Novell Client Configuration Wizard to specify which Novell Client options are available to users when they right-click Novell file system directories or files in a file manager, and which tabs are available on the Novell File, Folder, and Volume Properties pages. Figure 2-5 File Browser Settings Page This page contains the following options: Navigation Panel Icon (KDE only): Enables or disables the File Browser Navigation Panel icon. This icon is displayed only in KDE. Novell Properties: Enables or disables the Novell Properties menu option when users rightclick a Novell file system directory or file in a file manager. Purge Novell Files: Enables or disables the Purge Novell Files menu option when users rightclick a Novell file system directory or file in a file manager. Salvage Novell Files: Enables or disables the Salvage Novell Files menu option when users right-click a Novell file system directory or file in a file manager. File and Folder Information: Enables or disables the File Information and Folder Information tabs on the File and Folder Properties pages (available when users right-click a Novell file system directory or file in a file manager and then click Novell Properties). Novell Rights: Enables or disables the Novell Rights tab on the File and Folder Properties pages (available when users right-click a Novell file system directory or file in a file manager and then click Novell Properties). Volume Information: Enables or disables the Volume Information tab on the Volume Properties page (available when users right-click a Novell file system volume in a file manager and then click Novell Properties). 18 Novell Client 2.0 for Linux Administration Guide

Volume Statistics: Enables or disables the Volume Statistics tab on the Volume Properties page (available when users right-click a Novell file system volume in a file manager and then click Novell Properties). 2.1.6 Configuring OpenSLP Settings Use the Service Location Protocol (OpenSLP) Settings page in the Novell Client Configuration Wizard to specify where and how the Client requests network services. In an IP-only network, the Novell Client needs a way to resolve the edirectory tree, context and server names to an actual IP address of an edirectory server that can provide authentication. On a simple LAN, the client can send an IP broadcast to discover this information, but on a multisite WAN, the SLP scope and Directory Agents must be listed. Figure 2-6 Service Location Protocol (OpenSLP) Settings Page This page contains the following options: Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed when making requests or registering, or the scopes that a directory agent (DA) must support. Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this setting is not used, dynamic DA discovery is used to determine which DAs to use. Broadcast Only: Select this option to use broadcasting instead of multicasting. This setting is not usually necessary because OpenSLP automatically uses broadcasting if multicasting is unavailable. SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not support multicasting, we recommend using the Directory Agent List to configure that Directory Agent rather than using this option. Configuring the Novell Client for Linux 19

If the network does not contain a DA, IP servers must use their own SAs to specify the services that are available. If the SA does not support multicasting and if there are any services advertised by that SA that are needed by the UA on this machine, then use the Broadcast Only option. Broadcasting has the disadvantage of being limited to the local LAN segment. Maximum Results: Specify a 32-bit integer giving the maximum number of results to accumulate and return for a synchronous request before the time-out, or the maximum number of results to return through a callback if the request results are reported asynchronously. If you make changes to the Service Location Protocol (OpenSLP) Settings page, you must reboot the workstation for those changes to take effect. For more information, see Section 3.4, Using OpenSLP to Simplify Login, on page 27, SLP Fundamentals (http://www.novell.com/documentation/edir873/qsedir873/data/aksciti.html), and the OpenSLP (http://www.openslp.org) Web site. 2.2 Using Configuration Files to Preconfigure the Novell Client The Novell Client for Linux allows you to apply preconfigured client settings contained in one or more configuration (.conf) files. This option works similar to the unattend file that can be used to configure the Novell Client for Windows (see Creating the Configuring File (http:// www.novell.com/documentation/noclienu/noclienu/data/bu01sei.html#hn62kppa) in the Novell Client for Windows Installation and Administration Guide for more information). Preconfiguring the Novell Client for Linux requires the novell-client-conf.spec file and the make_novell-client-conf_rpm Bash script located in the /add-on/novellclient-conf subdirectory in the directory where you unarchived the Client download file. 1 Create the preconfigured settings using the Novell Client Configuration Wizard. See Section 2.1, Using the Novell Client Configuration Wizard, on page 13. 2 Copy the appropriate.conf files to the /add-on/novell-client-conf directory. Depending on the settings you preconfigured, copy one or more of the following files: Conf File Path and Name /etc/opt/novell/ncl/file_browser.conf /etc/opt/novell/ncl/login.conf /etc/novell/ncl/map.conf /etc/opt/novell/ncl/protocol.conf /etc/opt/novell/ncl/tray_app.conf /etc/slp.conf Configuration Settings File browser settings Login settings Map settings Protocol settings Novell Client Tray Application settings SLP configuration settings 3 Run the make_novell-client-conf_rpm script to create a novell-client-confversion_number.platform.rpm file (for example, novell-client-conf- 1.0.0-0.i586.rpm) using all of the.conf files contained in the /add-on/novellclient-conf directory. 20 Novell Client 2.0 for Linux Administration Guide

3a Make sure you are the root user. 3b Enter the following in a terminal: bash make_novell-client-conf_rpm 4 Install the preconfigured settings contained in novell-client-confversion_number.platform.rpm using one of the following methods: Install manually in a terminal: Enter rpm -i novell-client-confversion_number.platform.rpm in a terminal. Install using the ncl_install script: When you launch the ncl_install script (located in /opt/novell/ncl/bin or in the directory where you unarchived the Client download file), it looks for novell-client-confversion_number.platform.rpm in the /add-on/novell-client-conf directory and adds it to the list of RPMs it installs as part of the Client. Install with the Novell Client using YaST: Add the location of the newly created novell-client-conf-version_number.platform.rpm to the list of installation sources in YaST (add a local directory in the Installation Source option and point it to the directory containing novell-client-confversion_number.platform.rpm). When the YaST install runs, novellclient-conf-version_number.platform.rpm is added as one of the RPMs in the Novell Client selection. The Novell Client configuration settings on a workstation can be updated at any time using the YaST method. The.conf files contained in the RPM are copied to the /etc/opt/novell/ncl directory, overwriting the files of the same name that already exist there. The installation then copies the slp.conf file to the /etc directory, overwriting that file as well. TIP: Backup copies of the existing files are made in the same directory so that you can revert to the old files if you need to. Configuring the Novell Client for Linux 21

22 Novell Client 2.0 for Linux Administration Guide

3Managing Login You can customize the client login environment with the following tasks to suit your network and have greater control over what users can access during login: Section 3.1, Setting Up Integrated Login, on page 23 Section 3.2, Setting Up Login Scripts, on page 25 Section 3.3, Setting Up Login Restrictions, on page 26 Section 3.4, Using OpenSLP to Simplify Login, on page 27 For more information, see Logging In to the Network and Logging Out of a Network Location (Server or Tree) in the Novell Client for Linux User Guide. 3.1 Setting Up Integrated Login The Novell Client TM 2.0 for Linux provides a single, synchronized login to the SUSE Linux desktop and your Novell network. Users enter their name and password only once to access all the resources they are authorized to use. IMPORTANT: The integrated login feature is not available if you log in as the root user, and the integrated login feature does not work if a workstation is set up to not ask for a password in the display manager greeter. For integrated login to work, the Novell Common Authentication Services Adapter (CASA) must be installed and enabled. CASA is a common authentication and security package that provides a set of libraries for application and service developers to enable single sign-on to an enterprise network. 3.1.1 Installing and Enabling CASA CASA is installed by default with SLED 10 SP1, but it is not enabled. CASA is not installed or enabled by default with opensuse 10.2. 3 Installing CASA 1 Launch the YaST Control Center. GNOME: Click Computer > More Applications > System > YaST. KDE: Click the menu button > System > YaST. 2 If you are not logged in as root, type the root password, then click Continue. 3 Click Software in the left column, then click Software Management in the right column. 4 Click Search in the Filter drop-down list. 5 Type casa in the Search field, then click Search. 6 Select the casa packages for installation. 7 Click Accept to install all of the selected packages. YaST displays the progress of the package installation. Managing Login 23

8 (Conditional) If a message informs you that other package selections have been made to resolve dependencies, click Continue. 9 (Conditional) If a message prompts you to insert a CD, put the CD in the CD drive, then click OK. 10 After all the packages have been installed, click Close to close the YaST Control Center. Enabling CASA 1 Launch the YaST Control Center. GNOME: Click Computer > More Applications > System > YaST. KDE: Click the menu button > System > YaST. 2 Click Security and Users in the left column, then click CASA in the right column. 3 Click Configure CASA, then click OK. 4 Click Finish to close the CASA Configuration Wizard. 3.1.2 Configuring Integrated Login 1 Use one of the following methods to open the Novell Login dialog box: Click > Novell Login. GNOME: Click Computer > More Applications > Novell Login. KDE: Click the menu button > Novell Login. 2 Enter your username and password, then click Advanced. 3 Specify the tree, context, and server information for the server you want to connect to. 4 Click the Startup tab, then make sure Run Novell Client Login at Session Startup is selected (it is selected by default). 5 Select Save profile after the successful login to save the Novell Login dialog settings to be used for all subsequent session logins. 24 Novell Client 2.0 for Linux Administration Guide

You must have the User Name and Password fields and the Tree and Context fields on the edirectory tab filled out for this to be saved. IMPORTANT: An integrated login does not happen at the next session startup without a saved profile. 6 (Optional) Click Load Profile to populate all fields in the dialog based on the saved settings. 7 (Optional) Click Clear Profile to remove the profile settings. 8 Click OK to log in to the server specified in Step 3. The next time you log in to your SUSE Linux workstation, you will also automatically log into the Novell server specified in Step 3. 3.1.3 Managing System Wide Integrated Login Settings 1 Launch the Novell Client Configuration Wizard using either of the following methods: Click > System Settings. In YaST, click Network Services > Novell Client. 2 Select Login, then click Start Wizard. 3 On the Login Settings page, select or deselect Integrated Login. This enables or disables the integrated login feature for the entire system. This is set by the administrator and cannot be overridden by the user. 4 Select Display Integrated Login Results to display the Integrated Login Script Results window when the user desktop is launched. If this option is disabled, all login scripts are run silently and the Integrated Login Script Results window is not displayed, but login scripts are still processed. 5 Select Delete Integrated Login Profiles if you want remove the existing login profiles for all users on this workstation. 6 Click Finish. 3.2 Setting Up Login Scripts When a user successfully logs in to the network, one or more login scripts are executed that automatically set up the workstation environment. Login scripts are similar to batch files and are executed by Novell Login. You can use login scripts to map drives to Novell file system volumes and directories, display messages, set environment variables, and execute programs or menus. Login scripts were originally created for use with the Novell Client for Windows. However, the Novell Client for Linux can take advantage of the majority of the functionality available in Windows. This means that the login scripts you created for Windows workstations can also be used with Linux workstations without modification, so you need to administer only one set of login scripts. Because login scripts are very flexible and dynamic, offer a high degree of customization, and are cross-platform, you should customize the scripts to optimize workstation login to your network. For more information on setting up login scripts, see the Novell Login Scripts Guide. Managing Login 25

3.3 Setting Up Login Restrictions Login restrictions are limitations on user accounts that control access to the network. These restrictions can be set by an administrator in Novell imanager for each user s edirectory TM User object and include the following: Requiring a password You can specify its minimum length, whether it must be changed and how often, whether it must be unique, and whether the user can change it. Setting the number of logins with an expired password and the number of incorrect login attempts allowed When a user violates login restrictions by entering an incorrect password or exceeding the number of logins with an expired password, the account is disabled and no one can log in using that username. This prevents unauthorized users from logging in. Setting account limits such as an account balance or expiration date Limiting disk space for each user by specifying the maximum blocks available for each user on a volume Specifying the number of simultaneous connections a user can have Specifying (by node address) which workstations users can log in on Restricting the times when users can log in (you can assign all users the same hours or you can restrict users individually) To manage user login restrictions: 1 Launch imanager by entering the following in the Address field of a network browser: http://server_ip_address/imanager.html 2 Log in using your username and password. You will have access only to those features you have rights to. To have full access to all Novell imanager features, you must log in as Supervisor/Administrator of the tree. 3 Make sure you are in the Roles and Tasks view by clicking on the top button bar, then select Users > Modify User in the navigation panel on the left. 4 Type the name and context of the User object you want to modify, or use the search feature to find it, then click OK. 5 Click the Restrictions tab (or drop-down list, depending on the browser you are using). 26 Novell Client 2.0 for Linux Administration Guide

The following options appear. They open pages that display various properties: Password Restrictions Login Restrictions Time Restrictions Address Restrictions Account Balance Intruder Lockout 6 Make your changes, then click Apply to preview or OK to save. 3.4 Using OpenSLP to Simplify Login The service location protocol (SLP) was developed so that networking applications such as the Novell Client for Linux could discover the existence, location, and configuration of networked services in enterprise networks. Without SLP, users must supply the hostname or network address of the service that they want to access. Because SLP makes the existence, location, and configuration of certain services known to all clients in the local network, the Novell Client for Linux can use the information distributed to simplify login. For the Novell Client, having SLP set up allows users to see the trees, contexts, and servers available to them when they use the Novell Client for Linux Login screen. When they click the Browse button, a list of available trees, contexts, or servers appears and they can select the appropriate ones. For example, instead of remembering an IP address or DNS name for a server, users can select the server s name from a list of available servers. SLP must be activated and set up on your Novell servers in order for the Novell Client to take advantage of it. For more information, see SLP Services in the Network in the SUSE LINUX Managing Login 27

Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/ sles10/sles_admin/data/cha_slp.html). SLP is not set up by default on Linux workstations. The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process of configuring your SLP and other Novell Client configuration options. The Novell Client Configuration Wizard provides only basic SLP configuration because this is all that is required by the client. However, if other applications on your workstation require more advanced settings, you can modify the /etc/slp.conf file to set advanced settings. For more information on advanced SLP configuration, see the OpenSLP Web site (http:// www.openslp.org). In addition, the /usr/share/doc/packages/openslp directory contains documentation on SLP, including a README.SuSE file containing the SUSE LINUX details, several RFCs, and two introductory HTML documents (An Introduction to SLP and OpenSLP User s Guide). RFC 2609 details the syntax of the service URLs used and RFC 2610 details DHCP via SLP. 3.4.1 Setting Up SLP 1 Launch the Novell Client Configuration Wizard using either of the following methods: Click > System Settings. In YaST, click Network Services > Novell Client. 2 Select Service Location Protocol (OpenSLP), then click Start Wizard. 3 Specify the following SLP information for your network: Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed when making requests or registering, or the scopes that a directory agent (DA) must support. Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this setting is not used, dynamic DA discovery is used to determine which DAs to use. Broadcast Only: Select this option to use broadcasting instead of multicasting. This setting is not usually necessary because OpenSLP automatically uses broadcasting if multicasting is unavailable. SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not support multicasting, we recommend using the Directory Agent List to configure that Directory Agent rather than using this option. If the network does not contain a DA, IP servers must use their own SAs to specify the services that are available. If the SA does not support multicasting and if there are any services advertised by that SA that are needed by the UA on this machine, then use the Broadcast Only option. Broadcasting has the disadvantage of being limited to the local LAN segment. Maximum Results: Specify a 32-bit integer giving the maximum number of results to accumulate and return for a synchronous request before the time-out, or the maximum number of results to return through a callback if the request results are reported asynchronously. 4 Complete the Novell Client Configuration Wizard. 5 Restart the workstation. 28 Novell Client 2.0 for Linux Administration Guide

3.4.2 Troubleshooting SLP Configuration If users cannot see a list of available trees, contexts, and servers when they use the Novell Client for Linux Login screen, use slptool, located in /usr/bin, to troubleshoot your SLP configuration. After you start slpd (located in /usr/sbin), you should be able to issue a query for SLP service agents using the following command: slptool findsrvs service:service-agent This should display a list of the hosts that are running slpd, which indicates that OpenSLP is successfully installed and working. If you do not get a list, OpenSLP is not installed correctly or is not working. See Section 3.4.1, Setting Up SLP, on page 28 for more information. 3.4.3 Configuring SLP and the SUSE Firewall to Work with the Novell Client for Linux In order for the Novell Services button in your file browser to work correctly, both SLP and the SUSE firewall must be configured properly. If OpenSLP is not installed, the SLP protocol is disabled, or your firewall settings are turned on (as they are by default in SUSE Linux Desktop 10 SP1), a warning message is displayed when you try to scan for or access Novell services. Figure 3-1 SLP/Firewall Message Click Configure SLP to open the Novell Client Configuration Wizard. Follow the instructions in Section 3.4.1, Setting Up SLP, on page 28 to configure SLP. Click Configure Firewall to open the Firewall Configuration wizard in YaST. You can turn the firewall off, or manually configure the firewall to let SLP packets in and out. If your LAN interface is defined as External in the SUSE firewall configuration, you can try adding SLP Daemon Rules as an allowed service, or you can try changing your LAN interface definition to Internal. Turning Off the SUSE Firewall 1 Launch the YaST Control Center. GNOME: Click Computer > More Applications > System > YaST. Managing Login 29

KDE: Click the menu button > System > YaST. 2 Click Security and Users in the left column, then click Firewall in the right column. 3 Click Stop Firewall Now, then click Next. 4 Click Accept to close the Firewall Configuration wizard. The next time you click the Novell Services button in your file browser, you should be able to scan for or access Novell services. Manually Configuring the SUSE Firewall To allow iptables to accept incoming unicasts from the DAs in your network, the following needs to be added to the firewall as the first rule (or before anything is denied). 1 Modify the /etc/sysconfig/susefirewall2 file. Change the following lines from #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" FW_CUSTOMRULES="" to FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" #FW_CUSTOMRULES="" 2 Modify the /etc/sysconfig/scripts/susefirewall2-custom file. In fw_custom_before_denyall() add the following: iptables -I INPUT 1 -j ACCEPT -p udp --sport 427 That will make SLP lookups work properly. Adding SLP Daemon Rules for External or DMZ Firewall Zones 1 Launch the YaST Control Center. GNOME: Click Computer > More Applications > System > YaST. KDE: Click the menu button > System > YaST. 2 Click Security and Users in the left column, then click Firewall in the right column. 3 Click Allowed Services in the left column to open the Firewall Configuration: Allowed Services screen. 4 Select SLP Daemon from the Service to Allow drop-down menu, then click Add. 5 Click Next, then click Accept. Changing Your LAN Interface Definition to Internal 1 Launch the YaST Control Center. GNOME: Click Computer > More Applications > System > YaST. KDE: Click the menu button > System > YaST. 2 Click Security and Users in the left column, then click Firewall in the right column. 30 Novell Client 2.0 for Linux Administration Guide

3 Click Interfaces in the left column, double-click your LAN interface, then select Internal Zone from the drop-down menu. 4 Click OK, then select Start-Up in the left panel. 5 Click Save Settings and Restart Firewall Now. 6 Click Next, then click Accept. Managing Login 31

32 Novell Client 2.0 for Linux Administration Guide

4Managing File Security Novell Open Enterprise Server (OES) and NetWare networks restrict access to network files and folders based on user accounts. For example, a user connected to the network using the Administrator account can delete or rename a file that other users can only open and edit. The Novell file system keeps track of the rights that users have to files and directories on the network. When users try to access any file on the network, Novell File Services (NFS) either grants access or prohibits certain things that users can do with the file. It is important to note that Linux file rights do not correlate with NFS file rights. When you copy a file from a Linux workstation to a Novell server, the only right that is preserved is the Read-Only attribute. This also occurs if you copy files from one server to another using any method other than NCOPY at the command terminal. For more information on the specific rights on NetWare and OES servers, see File Services (http:/ /www.novell.com/documentation/oes/implgde/data/filesvcs.html) in the Novell OES Planning and Implementation Guide. For additional information on file system attributes, see the File Systems Management Guide for OES (http://www.novell.com/documentation/oes/stor_filesys/data/hn0r5fzo.html). Rights are granted and revoked by creating trustee assignments. For more information, see Section 4.2, Changing Trustee Rights, on page 35. This section explains the following: Checking File or Folder Rights (page 33) Changing Trustee Rights (page 35) Combining Multiple Trustees (page 36) 4.1 Checking File or Folder Rights 1 In a file manager, right-click a Novell file system directory or file. 2 Do one of the following: GNOME: Click Novell Properties. KDE: Click Actions > Novell Properties. 3 Click the Novell Rights tab. 4 Managing File Security 33

4 View the information. The Trustees list shows the users or groups that have been granted rights to work with this file or folder. The trustees rights to the folder also apply to all the files and subfolders it contains unless the rights are explicitly redefined at the file or subfolder level. The rights that each trustee has are shown by check marks under the letters. If you are viewing the properties of multiple files, the trustees and rights shown are the combined trustees and rights for all the files. Effective Rights displays your rights for this file or folder. Users can receive rights in a number of ways, such as explicit trustee assignments, inheritance, and security equivalence (see edirectory Rights Concepts (http://www.novell.com/documentation/edir88/edir88/data/ fbachifb.html) in the Novell edirectory 8.8 Administration Guide for more information). Rights can also be limited by Inherited Rights Filters and changed or revoked by lower trustee assignments. The net result of all these actions the rights a user can employ are called effective rights. 5 To view a list of rights and filters inherited by this file or directory, click Inherited Rights and filters. All rights assignments on directories are inheritable. You can block such inheritance on individual subordinate items so that the rights aren t effective on those items, no matter who the trustee is. One exception is that the Supervisor right can be blocked. 6 Click OK. 34 Novell Client 2.0 for Linux Administration Guide

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback